<?php
    include_once '../connection/databaseHandler.php';
    include_once '../connection/sessionHandler.php';
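    // Login endpoint: reads the posted credentials, refuses accounts listed in the
    // blocked-user table, then checks username + password hash against the user
    // table and redirects according to the outcome.
    $database = new DatabaseHandler();
    // NOTE(review): PHP 5.4+ ships a built-in class named SessionHandler; presumably
    // sessionHandler.php declares the project's own class of that name - confirm
    // there is no redeclaration clash on the deployed PHP version.
    $session = new SessionHandler();

    // Reject requests where either field is missing or is not a plain string
    // (e.g. username[]=x), instead of passing such values to the string functions
    // below. These requests get the same response as a failed login.
    if (!isset($_POST['username'], $_POST['pswd'])
        || !is_string($_POST['username'])
        || !is_string($_POST['pswd'])) {
        header("location:../index.php?ref=loginFailed");
        exit;
    }

    // Fetch the submitted username and password.
    $myusername = $_POST['username'];
    $mypassword = $_POST['pswd'];

    // Escape the values before they are concatenated into SQL.
    // NOTE(review): mysql_real_escape_string() is only safe inside quoted literals
    // and relies on the connection charset being set correctly; the connection is
    // presumably opened by DatabaseHandler - confirm. The mysql_* extension has no
    // prepared statements; moving execQuery() to mysqli/PDO with bound parameters
    // is the durable fix.
    // NOTE(review): stripslashes() is applied unconditionally, which also removes
    // backslashes the user actually typed when magic quotes are off. Left as is
    // because the password is transformed before hashing and the stored hashes
    // presumably went through the same steps at registration - confirm.
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    // NOTE(review): unsalted MD5 is not an adequate password hash. Switching to
    // password_hash()/password_verify() needs a migration of the stored hashes,
    // so it is flagged here rather than changed.
    $mypassword = md5($mypassword);

    // NOTE(review): the blocked check runs before the password is verified, so the
    // userBlocked response tells an unauthenticated caller that a given username is
    // blocked. Consider checking credentials first.
    $query = "SELECT * FROM ".$database->t_blocked_user." WHERE username='".$myusername."'";
    $result = $database->execQuery($query);
    // mysql_num_rows() returns false on an invalid result. The original loose
    // comparison ($count==0) treated that as "not blocked", so a failed lookup
    // let the login continue; keep the failure distinguishable and fail closed.
    $count = $result ? mysql_num_rows($result) : false;

    if ($count === false) {
        // The blocked-user lookup failed: do not continue with the login.
        header("location:../index.php?ref=loginFailed");
        exit;
    }

    if ($count > 0) {
        // The username is listed in the blocked-user table.
        header("location:../index.php?ref=userBlocked");
        exit;
    }

    $query = "SELECT * FROM ".$database->t_user." WHERE username='".$myusername."' and password='".$mypassword."'";
    $result = $database->execQuery($query);

    // Count the rows returned; valid credentials should match exactly one row.
    $count = $result ? mysql_num_rows($result) : false;

    if ($count === 1) {
        // Hand the matched user row to the session handler.
        // NOTE(review): SELECT * means the row includes the password column; what
        // setSession() stores is not visible here - avoid keeping the hash in the
        // session. If setSession() does not already rotate the session id, call
        // session_regenerate_id(true) on successful login.
        $result = mysql_fetch_array($result);
        $session->setSession($result);
        header("location:../profile.php");
        exit;
    }

    // Wrong credentials (or the query failed): back to the login page.
    header("location:../index.php?ref=loginFailed");
    exit;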
?>
